Table of Contents
Advertisement
Chapter 10
System Configuration: Authentication and Certificates
How you edit your CTL determines the type of trust model you have. Many use a
restricted trust model wherein very few, privately controlled CAs are trusted. This
model provides the highest level of security but restricts adaptability and
scalability. The alternative, an open trust model, allows for more CAs or public
CAs. This open trust model trades increased security for greater adaptability and
scalability.
We recommend that you fully understand the implications of your trust model
before editing the CTL in Cisco Secure ACS.
Use this procedure to configure CAs on your CTL as trusted or not trusted. Before
a CA can be configured as trusted on the CTL, you must have added the CA to the
local certificate storage; for more information, see
Certificate, page
specifically configured Cisco Secure ACS to trust, authentication fails.
To edit the CTL, follow these steps:
In the navigation bar, click System Configuration.
Step 1
Click Cisco Secure ACS Certificate Setup.
Step 2
Click Edit Certificate Trust List.
Step 3
The Edit the Certificate Trust List (CTL) table appears.
Adding a public CA, which you do not control, to your CTL, may reduce your
Warning
system security.
To configure a CA on your CTL as trusted, select the corresponding check box.
Step 4
Tip
Click Submit.
Step 5
Cisco Secure ACS configures the specified CA (or CAs) as trusted or not trusted
in accordance with selecting or deselecting check boxes.
78-16592-01
10-37. If a user's certificate is from a CA that you have not
You can select, or deselect, as many CAs as you want. Deselecting a CA's
check box configures the CA as not trusted.
User Guide for Cisco Secure ACS for Windows Server
Cisco Secure ACS Certificate Setup
Adding a Certificate Authority
10-39
Advertisement
Table of Contents
Troubleshooting
